Moderate severityNVD Advisory· Published Mar 27, 2020· Updated Aug 4, 2024
Kubernetes API server denial of service
CVE-2020-8552
Description
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/apiserverGo | < 0.15.10 | 0.15.10 |
k8s.io/apiserverGo | >= 0.16.0, < 0.16.7 | 0.16.7 |
k8s.io/apiserverGo | >= 0.17.0, < 0.17.3 | 0.17.3 |
Affected products
202- osv-coords201 versionspkg:apk/chainguard/argo-cd-2.7pkg:apk/chainguard/argo-cd-2.7-compatpkg:apk/chainguard/argo-cd-2.7-repo-serverpkg:apk/chainguard/argo-cd-2.8pkg:apk/chainguard/argo-cd-2.8-compatpkg:apk/chainguard/argo-cd-2.8-repo-serverpkg:apk/chainguard/aws-ebs-csi-driverpkg:apk/chainguard/aws-ebs-csi-driver-1.18pkg:apk/chainguard/aws-ebs-csi-driver-1.19pkg:apk/chainguard/calicopkg:apk/chainguard/calico-apiserverpkg:apk/chainguard/calico-app-policypkg:apk/chainguard/calico-cnipkg:apk/chainguard/calico-cni-compatpkg:apk/chainguard/calicoctlpkg:apk/chainguard/calico-felixpkg:apk/chainguard/calico-key-cert-provisionerpkg:apk/chainguard/calico-kube-controllerspkg:apk/chainguard/calico-nodepkg:apk/chainguard/calico-pod2daemonpkg:apk/chainguard/calico-pod2daemon-flexvol-compatpkg:apk/chainguard/calico-typha-clientpkg:apk/chainguard/calico-typhadpkg:apk/chainguard/cert-manager-1.11pkg:apk/chainguard/cert-manager-1.11-acmesolverpkg:apk/chainguard/cert-manager-1.11-cainjectorpkg:apk/chainguard/cert-manager-1.11-controllerpkg:apk/chainguard/cert-manager-1.11-webhookpkg:apk/chainguard/cert-manager-1.12pkg:apk/chainguard/cert-manager-1.12-acmesolverpkg:apk/chainguard/cert-manager-1.12-cainjectorpkg:apk/chainguard/cert-manager-1.12-controllerpkg:apk/chainguard/cert-manager-1.12-webhookpkg:apk/chainguard/cert-manager-acmesolver-1.12pkg:apk/chainguard/cert-manager-acmesolver-1.12-bitnami-compatpkg:apk/chainguard/cert-manager-acmesolver-1.12-iamguarded-compatpkg:apk/chainguard/cert-manager-cainjector-1.12pkg:apk/chainguard/cert-manager-cainjector-1.12-bitnami-compatpkg:apk/chainguard/cert-manager-cainjector-1.12-iamguarded-compatpkg:apk/chainguard/cert-manager-controller-1.12pkg:apk/chainguard/cert-manager-controller-1.12-bitnami-compatpkg:apk/chainguard/cert-manager-controller-1.12-iamguarded-compatpkg:apk/chainguard/cert-manager-webhook-1.12pkg:apk/chainguard/cert-manager-webhook-1.12-bitnami-compatpkg:apk/chainguard/cert-manager-webhook-1.12-iamguarded-compatpkg:apk/chainguard/cmctl-1.11pkg:apk/chainguard/cmctl-1.12pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-1.23pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-1.25pkg:apk/chainguard/flux-helm-controllerpkg:apk/chainguard/flux-helm-controller-0pkg:apk/chainguard/flux-helm-controller-0.37pkg:apk/chainguard/flux-helm-controller-bitnami-compatpkg:apk/chainguard/flux-helm-controller-iamguarded-compatpkg:apk/chainguard/gatekeeper-3.12pkg:apk/chainguard/gatekeeper-3.12-compatpkg:apk/chainguard/gatekeeper-3.13pkg:apk/chainguard/gatekeeper-3.13-compatpkg:apk/chainguard/haproxy-ingresspkg:apk/chainguard/haproxy-ingress-compatpkg:apk/chainguard/helmpkg:apk/chainguard/helm-3pkg:apk/chainguard/helm-4pkg:apk/chainguard/istio-pilot-agent-1.18pkg:apk/chainguard/istio-pilot-agent-1.18-compatpkg:apk/chainguard/istio-pilot-agent-fips-1.19pkg:apk/chainguard/istio-pilot-agent-fips-1.19-compatpkg:apk/chainguard/istio-pilot-discovery-1.19pkg:apk/chainguard/istio-pilot-discovery-1.19-compatpkg:apk/chainguard/istio-pilot-discovery-fips-1.19pkg:apk/chainguard/istio-pilot-discovery-fips-1.19-compatpkg:apk/chainguard/k8sgptpkg:apk/chainguard/kargopkg:apk/chainguard/kargo-oci-compatpkg:apk/chainguard/kedapkg:apk/chainguard/keda-2.10pkg:apk/chainguard/keda-2.10-adapterpkg:apk/chainguard/keda-2.10-admission-webhookspkg:apk/chainguard/keda-2.10-compatpkg:apk/chainguard/keda-2.8pkg:apk/chainguard/keda-2.9pkg:apk/chainguard/keda-adapterpkg:apk/chainguard/keda-adapter-2.10pkg:apk/chainguard/keda-adapter-2.8pkg:apk/chainguard/keda-adapter-2.9pkg:apk/chainguard/keda-admission-webhookspkg:apk/chainguard/keda-admission-webhooks-2.10pkg:apk/chainguard/keda-compatpkg:apk/chainguard/keda-compat-2.10pkg:apk/chainguard/keda-compat-2.8pkg:apk/chainguard/keda-compat-2.9pkg:apk/chainguard/kubeflow-pipelinespkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kubeflow-pipelines-cache-deployerpkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compatpkg:apk/chainguard/kubeflow-pipelines-cache_serverpkg:apk/chainguard/kubeflow-pipelines-frontendpkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-configpkg:apk/chainguard/kubeflow-pipelines-metadata-writerpkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compatpkg:apk/chainguard/kubeflow-pipelines-persistence_agentpkg:apk/chainguard/kubeflow-pipelines-scheduledworkflowpkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controllerpkg:apk/chainguard/kube-oidc-proxypkg:apk/chainguard/kubernetes-csi-external-provisionerpkg:apk/chainguard/kubernetes-csi-external-resizerpkg:apk/chainguard/kubevelapkg:apk/chainguard/kubevela-vela-clipkg:apk/chainguard/kubevela-vela-corepkg:apk/chainguard/kubevela-vela-core-compatpkg:apk/chainguard/metrics-serverpkg:apk/chainguard/metrics-server-bitnami-compatpkg:apk/chainguard/metrics-server-compatpkg:apk/chainguard/metrics-server-iamguarded-compatpkg:apk/chainguard/vela-clipkg:apk/chainguard/vela-corepkg:apk/wolfi/argo-cd-2.7pkg:apk/wolfi/argo-cd-2.7-compatpkg:apk/wolfi/argo-cd-2.7-repo-serverpkg:apk/wolfi/argo-cd-2.8pkg:apk/wolfi/argo-cd-2.8-compatpkg:apk/wolfi/argo-cd-2.8-repo-serverpkg:apk/wolfi/aws-ebs-csi-driverpkg:apk/wolfi/calicopkg:apk/wolfi/calico-apiserverpkg:apk/wolfi/calico-app-policypkg:apk/wolfi/calico-cnipkg:apk/wolfi/calico-cni-compatpkg:apk/wolfi/calicoctlpkg:apk/wolfi/calico-felixpkg:apk/wolfi/calico-key-cert-provisionerpkg:apk/wolfi/calico-kube-controllerspkg:apk/wolfi/calico-nodepkg:apk/wolfi/calico-pod2daemonpkg:apk/wolfi/calico-pod2daemon-flexvol-compatpkg:apk/wolfi/calico-typha-clientpkg:apk/wolfi/calico-typhadpkg:apk/wolfi/cert-manager-1.11pkg:apk/wolfi/cert-manager-1.11-acmesolverpkg:apk/wolfi/cert-manager-1.11-cainjectorpkg:apk/wolfi/cert-manager-1.11-controllerpkg:apk/wolfi/cert-manager-1.11-webhookpkg:apk/wolfi/cert-manager-1.12pkg:apk/wolfi/cert-manager-1.12-acmesolverpkg:apk/wolfi/cert-manager-1.12-cainjectorpkg:apk/wolfi/cert-manager-1.12-controllerpkg:apk/wolfi/cert-manager-1.12-webhookpkg:apk/wolfi/cmctl-1.11pkg:apk/wolfi/cmctl-1.12pkg:apk/wolfi/flux-helm-controllerpkg:apk/wolfi/flux-helm-controller-bitnami-compatpkg:apk/wolfi/flux-helm-controller-iamguarded-compatpkg:apk/wolfi/gatekeeper-3.12pkg:apk/wolfi/gatekeeper-3.12-compatpkg:apk/wolfi/gatekeeper-3.13pkg:apk/wolfi/gatekeeper-3.13-compatpkg:apk/wolfi/haproxy-ingresspkg:apk/wolfi/haproxy-ingress-compatpkg:apk/wolfi/helmpkg:apk/wolfi/helm-3pkg:apk/wolfi/helm-4pkg:apk/wolfi/istio-pilot-agent-1.18pkg:apk/wolfi/istio-pilot-agent-1.18-compatpkg:apk/wolfi/istio-pilot-discovery-1.19pkg:apk/wolfi/istio-pilot-discovery-1.19-compatpkg:apk/wolfi/k8sgptpkg:apk/wolfi/kargopkg:apk/wolfi/kargo-oci-compatpkg:apk/wolfi/kedapkg:apk/wolfi/keda-2.10pkg:apk/wolfi/keda-2.10-adapterpkg:apk/wolfi/keda-2.10-admission-webhookspkg:apk/wolfi/keda-2.10-compatpkg:apk/wolfi/keda-adapterpkg:apk/wolfi/keda-admission-webhookspkg:apk/wolfi/keda-compatpkg:apk/wolfi/kubeflow-pipelinespkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kubeflow-pipelines-cache-deployerpkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compatpkg:apk/wolfi/kubeflow-pipelines-cache_serverpkg:apk/wolfi/kubeflow-pipelines-frontendpkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-configpkg:apk/wolfi/kubeflow-pipelines-metadata-writerpkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compatpkg:apk/wolfi/kubeflow-pipelines-persistence_agentpkg:apk/wolfi/kubeflow-pipelines-scheduledworkflowpkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controllerpkg:apk/wolfi/kubernetes-csi-external-provisionerpkg:apk/wolfi/kubernetes-csi-external-resizerpkg:apk/wolfi/kubevelapkg:apk/wolfi/kubevela-vela-clipkg:apk/wolfi/kubevela-vela-corepkg:apk/wolfi/kubevela-vela-core-compatpkg:apk/wolfi/metrics-serverpkg:apk/wolfi/metrics-server-bitnami-compatpkg:apk/wolfi/metrics-server-compatpkg:apk/wolfi/metrics-server-iamguarded-compatpkg:apk/wolfi/vela-clipkg:apk/wolfi/vela-corepkg:golang/k8s.io/apiserver
< 0+ 200 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.15.10
- Range: unspecified
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-82hx-w2r5-c2wqghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-8552ghsaADVISORY
- github.com/kubernetes/kubernetes/commit/5978856c4c7f10737a11c9540fe60b8475beecbbghsaWEB
- github.com/kubernetes/kubernetes/issues/89378ghsax_refsource_MISCWEB
- github.com/kubernetes/kubernetes/pull/87669ghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/mitrex_refsource_MISC
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LXghsaWEB
- security.netapp.com/advisory/ntap-20200413-0003ghsaWEB
- security.netapp.com/advisory/ntap-20200413-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.